Google V8, as used in Google Chrome prior to 12.0.742.91, allows remote malicious users to bypass the Same Origin Policy via unspecified vectors.
google chrome